
<?php session_start(); ?>

<?php

require_once("Connect.php");

//$g=$_POST['ne'];

$_SESSION['mande']= "";

$FName = @trim(mysql_real_escape_string(ucfirst($_POST['FName'])));
$LName = @trim(mysql_real_escape_string(ucfirst($_POST['LName']))); 
$Username = @trim(mysql_real_escape_string(ucfirst($_POST['Username'])));
$title = $_POST['title'];
$pass1 = @/*md5(*/trim(mysql_real_escape_string($_POST['pass1']/*)*/));
$pass2 = @/*md5(*/trim(mysql_real_escape_string($_POST['pass2']/*)*/));

$oldPass = @trim(mysql_real_escape_string($_POST['oldPass']));
$newPass = @trim(mysql_real_escape_string($_POST['newPass']));
$newPass2 = @trim(mysql_real_escape_string($_POST['t']));


$register = @$_POST['register'];
$change = @$_POST['change'];

if(isset($register)){

if($FName == "" || $LName == "" || $Username == "" || $title == "---Select title here---" || $pass1 == "" || $pass2 == ""){
$msg = "Please provide all fields!!";
header("location:register.php?poll=$msg");
 //exit;

}else{
if($pass1 != $pass2){
$msg = "Passwords do not match!!";
header("location:register.php?poll=$msg");

}
/*else{*/

//$g = ;

//$Qw = mysql_query("SELECT * FROM food WHERE Name = '".$recordName."' ") or die(mysql_error());

//$t = mysql_fetch_array("SELECT * FROM workers WHERE Username = '$Username' AND Responsibility = '$title' ") or die(mysql_error());

/*echo $g['Username'];
include "register.php";*/
/*if(mysql_num_rows($t)>0){
$msg = "User already exists as ".$title;
header("location:register.php?poll=$msg");
}*/
else{

$ch = mysql_query("SELECT * FROM workers WHERE Username='$Username' AND Responsibility='$title' ");
//$OthChk = mysql_fetch_array($ch) or die(mysql_error()); 

if(mysql_num_rows($ch)>0){
$msg = $title." with Username ".$Username." already exists, please try again!";
header("location:register.php?poll=$msg");

}else{
$enter = "INSERT INTO workers VALUES(null,'$FName' ,'$LName' , '$title','$Username','$pass1')";
$result = mysql_query($enter) or die(mysql_error());

if($result){
$msg = "User registration successful!";
header("location:register.php?poll=$msg");
//include('register.php');
}else{
$msg = "User registration failed";
header("location:register.php?poll=$msg");
//include('register.php');
}
}
  }
   }
 }

if(isset($change)){

if($Username == "" || $title == "---Select title here---" || $oldPass == "" || $newPass == "" || $newPass2 == ""){
$msg2 = "Please provide all fields!!";
header("location:register.php?poll2=$msg2");

}else{
$chng = mysql_query("SELECT * FROM workers WHERE Username='$Username' AND Responsibility = '$title' ") or die(mysql_error());
if(mysql_num_rows($chng)>0){
$cm = mysql_query("SELECT * FROM workers WHERE Username='$Username' AND Responsibility = '$title' AND pwd = '$oldPass' ") or die(mysql_error());
if(mysql_num_rows($cm)>0){
if($newPass != $newPass2){
$msg2 = "Passwords do not match!!";
header("location:register.php?poll2=$msg2");
}else{
$upd = mysql_query("UPDATE workers SET pwd = '$newPass2' WHERE Username = '$Username' ") or die(mysql_error());

if($upd){
$msg2 = "User details updated successfully!";
header("location:register.php?poll2=$msg2");
}else{
$msg2 = "Update failed, please try again";
header("location:register.php?poll2=$msg2");
}
}
}else{
$msg2 = "Wrong password entered for ".$Username;
header("location:register.php?poll2=$msg2");
}
}else{
$msg2 = $title." with Username ".$Username." does not exist, please try again!";
header("location:register.php?poll2=$msg2");
  }
}
   }
?>